<html>
  <head>
    <meta content="text/html; charset=windows-1252"
      http-equiv="Content-Type">
  </head>
  <body bgcolor="#FFFFFF" text="#000000">
    <div class="moz-cite-prefix">On 02/05/2015 02:24 PM, Matthias
      Wessendorf wrote:<br>
    </div>
    <blockquote
cite="mid:CAAg5f2SCH6MBPPpcNV1=T0OTirrVFH+V2SrjUO0d0KePGAjHvA@mail.gmail.com"
      type="cite">
      <div dir="ltr">While working on the doc for AGPUSH-1258, I found
        this in Apple's "iOS Developer Program License Agreement":
        <div><br>
        </div>
        <div>...</div>
        <div>Further, as a condition to using the APN, You agree not to
          transmit sensitive personal or confidential information
          belonging to an individual (e.g. a social security number,
          financial account or transactional information, or any
          information where the individual may have a reasonable
          expectation of secure transmission) as part of any Push
          Notification, and You agree to comply with any applicable
          notice or consent requirements with respect to any collection,
          transmission, maintenance, processing or use of an end user’s
          personal information.<br>
        </div>
        <div>...</div>
        <div><br>
        </div>
        <div>That means, if an app-developer sends something like "Your
          blood donation appointment is tomorrow" to a user of his
          mobile app, the app-developer is breaking the Apple terms
          _and_ the law in a lot of countries (at least in all EU
          countries) :-) <br>
        </div>
      </div>
    </blockquote>
    What we have to remember is that large amounts of information in
    aggregate can become personally identifying even if any individual
    message is not.  So the law in this case doesn't help since it is
    only the data in context which becomes personally identifying or
    protected.  <br>
    <br>
    I don't think anyone is advocating for sending sensitive information
    via push, but what we are advocating is not putting a big target on
    our (or our user's) backs out of the gate by storing all of the
    messages by default.
    <blockquote
cite="mid:CAAg5f2SCH6MBPPpcNV1=T0OTirrVFH+V2SrjUO0d0KePGAjHvA@mail.gmail.com"
      type="cite">
      <div dir="ltr">
        <div><br>
        </div>
        <div>BTW. for Google I don't seem to find a similar paragraph,
          but IMO they are not that thoughtful on privacy terms
          (compared to Apple). </div>
        <div><br>
        </div>
        <div><br>
        </div>
        <div>Now, for our UPS guide (or documentation), I will add a few
          sentences to make it clear that our app-developers should
          NEVER submit sensitive personal or confidential information
          with a push.</div>
        <div><br>
        </div>
        <div>Regarding a "Privacy Policy", I will also make clear what
          data of the push we store, for analytic reasons.</div>
        <div><br>
        </div>
        <div>You'll see a PR during my Friday.</div>
      </div>
    </blockquote>
    <br>
    <blockquote
cite="mid:CAAg5f2SCH6MBPPpcNV1=T0OTirrVFH+V2SrjUO0d0KePGAjHvA@mail.gmail.com"
      type="cite">
      <div dir="ltr">
        <div><br>
        </div>
        <div><br>
        </div>
        <div>Greetings,</div>
        <div>Matthias</div>
        <div><br>
        </div>
        <div><br>
        </div>
      </div>
      <div class="gmail_extra"><br>
        <div class="gmail_quote">On Wed, Feb 4, 2015 at 2:53 PM,
          Matthias Wessendorf <span dir="ltr">&lt;<a
              moz-do-not-send="true" href="mailto:matzew@apache.org"
              target="_blank">matzew@apache.org</a>&gt;</span> wrote:<br>
          <blockquote class="gmail_quote" style="margin:0 0 0
            .8ex;border-left:1px #ccc solid;padding-left:1ex">
            <div dir="ltr">I have created AGPUSH-1257 and AGPUSH-1258</div>
            <div class="HOEnZb">
              <div class="h5">
                <div class="gmail_extra"><br>
                  <div class="gmail_quote">On Fri, Jan 30, 2015 at 3:22
                    PM, Matthias Wessendorf <span dir="ltr">&lt;<a
                        moz-do-not-send="true"
                        href="mailto:matzew@apache.org" target="_blank">matzew@apache.org</a>&gt;</span>
                    wrote:<br>
                    <blockquote class="gmail_quote" style="margin:0 0 0
                      .8ex;border-left:1px #ccc solid;padding-left:1ex">
                      <div dir="ltr">
                        <p
                          style="margin-bottom:16px;color:rgb(51,51,51);font-family:'Helvetica
                          Neue',Helvetica,'Segoe
UI',Arial,freesans,sans-serif;font-size:16px;line-height:25.6000003814697px;margin-top:0px!important">Hi,</p>
                        <p
                          style="margin-top:0px;margin-bottom:16px;color:rgb(51,51,51);font-family:'Helvetica
                          Neue',Helvetica,'Segoe
UI',Arial,freesans,sans-serif;font-size:16px;line-height:25.6000003814697px">earlier
                          this week there was some discussion about
                          storing the payload of the push notifications
                          ([1]).</p>
                        <p
                          style="margin-top:0px;margin-bottom:16px;color:rgb(51,51,51);font-family:'Helvetica
                          Neue',Helvetica,'Segoe
UI',Arial,freesans,sans-serif;font-size:16px;line-height:25.6000003814697px">Right
                          now, we store some metrics (e.g. client that
                          send the push, number of devices,
                          deliveryStatus etc) <em>and</em> the entire
                          content of push notification. This includes
                          custom key/value pairs, the name of the sound
                          file or even the size of the badge.</p>
                        <p
                          style="margin-top:0px;margin-bottom:16px;color:rgb(51,51,51);font-family:'Helvetica
                          Neue',Helvetica,'Segoe
UI',Arial,freesans,sans-serif;font-size:16px;line-height:25.6000003814697px">Is
                          all of that, storing the entire push
                          notification payload really needed? <em>No!</em></p>
                        <p
                          style="margin-top:0px;margin-bottom:16px;color:rgb(51,51,51);font-family:'Helvetica
                          Neue',Helvetica,'Segoe
UI',Arial,freesans,sans-serif;font-size:16px;line-height:25.6000003814697px">What
                          do we need, and why?</p>
                        <p
                          style="margin-top:0px;margin-bottom:16px;color:rgb(51,51,51);font-family:'Helvetica
                          Neue',Helvetica,'Segoe
UI',Arial,freesans,sans-serif;font-size:16px;line-height:25.6000003814697px">For
                          counting the number of sent pushes (over
                          time), the metrics are good enough. We do <em>NOT</em> need
                          any of the push content for that, that's
                          correct!</p>
                        <p
                          style="margin-top:0px;margin-bottom:16px;color:rgb(51,51,51);font-family:'Helvetica
                          Neue',Helvetica,'Segoe
UI',Arial,freesans,sans-serif;font-size:16px;line-height:25.6000003814697px">But
                          we want to do more on the 1.1.0 release. We
                          want to introduce some analytic features, to
                          give our app developers (our users) a better
                          understanding of their push usage (see [2]).</p>
                        <p
                          style="margin-top:0px;margin-bottom:16px;color:rgb(51,51,51);font-family:'Helvetica
                          Neue',Helvetica,'Segoe
UI',Arial,freesans,sans-serif;font-size:16px;line-height:25.6000003814697px">In
                          order to see details on how successful a push
                          was (or not), we need to only store the value
                          of the alert key: <a moz-do-not-send="true"
href="https://aerogear.org/docs/unifiedpush/aerogear-push-ios/img/PushMessage.png"
                            rel="noreferrer"
                            style="color:rgb(65,131,196);text-decoration:none"
                            target="_blank">https://aerogear.org/docs/unifiedpush/aerogear-push-ios/img/PushMessage.png</a></p>
                        <p
                          style="margin-top:0px;margin-bottom:16px;color:rgb(51,51,51);font-family:'Helvetica
                          Neue',Helvetica,'Segoe
UI',Arial,freesans,sans-serif;font-size:16px;line-height:25.6000003814697px">Ok,
                          let's change that (see [3])!</p>
                        <p
                          style="margin-top:0px;margin-bottom:16px;color:rgb(51,51,51);font-family:'Helvetica
                          Neue',Helvetica,'Segoe
UI',Arial,freesans,sans-serif;font-size:16px;line-height:25.6000003814697px">For
                          our app developers, using the UPS to reach out
                          to their mobile app users ("user engagement"),
                          it's important to understand which push was
                          more successful:</p>
                        <ul style="padding:0px 0px 0px
                          2em;margin-top:0px;margin-bottom:16px;color:rgb(51,51,51);font-family:'Helvetica
                          Neue',Helvetica,'Segoe
UI',Arial,freesans,sans-serif;font-size:16px;line-height:25.6000003814697px">
                          <li>"Get 10% discount today" (sent on a
                            Monday)</li>
                          <li>"Our shop got new site, check it out and
                            get 5% discount" (sent on a Friday)</li>
                        </ul>
                        <p
                          style="margin-top:0px;margin-bottom:16px;color:rgb(51,51,51);font-family:'Helvetica
                          Neue',Helvetica,'Segoe
UI',Arial,freesans,sans-serif;font-size:16px;line-height:25.6000003814697px">With
                          the upcoming analytics we can help them to
                          improve usage of their app. User interaction
                          is very important to a successful mobile
                          application and push is a key driver here! Our
                          app developers want an app that is actively
                          used by their users (Nobody wants his app
                          sitting on the last page of the device or,
                          even worse, in a folder together with
                          Apple-Maps). Therefore it's critical for our
                          app developers to understand the relevance of
                          their push messages sent and how it impacts
                          the usage of their app. That's why we do the
                          analytics described in [2]. And, yes - only
                          the alert, not the entire payload is needed
                          for that.</p>
                        <h3
                          style="margin-top:1em;margin-bottom:16px;line-height:1.43;font-size:1.5em;color:rgb(51,51,51);font-family:'Helvetica
                          Neue',Helvetica,'Segoe
                          UI',Arial,freesans,sans-serif"><a
                            moz-do-not-send="true"
                            name="14b54ddbb375879a_14b3b38c7b34ae00_user-content-privacy"
href="https://gist.github.com/matzew/b6459083f39394a892c5#privacy"
                            rel="noreferrer"
style="color:rgb(65,131,196);text-decoration:none;display:block;padding-right:6px;padding-left:30px"
                            target="_blank"></a>Privacy</h3>
                        <p
                          style="margin-top:0px;margin-bottom:16px;color:rgb(51,51,51);font-family:'Helvetica
                          Neue',Helvetica,'Segoe
UI',Arial,freesans,sans-serif;font-size:16px;line-height:25.6000003814697px">On
                          the mentioned PR there was also some
                          discussion about privacy violations and stuff,
                          when we store the content of the notification.
                          An example where <em>sensitive</em> data was
                          sent over push was given. Something like:
                          "Dear Mr. Joe, your blood donation appointment
                          was scheduled for 3 p.m"</p>
                        <ol style="padding:0px 0px 0px
                          2em;margin-top:0px;margin-bottom:16px;color:rgb(51,51,51);font-family:'Helvetica
                          Neue',Helvetica,'Segoe
UI',Arial,freesans,sans-serif;font-size:16px;line-height:25.6000003814697px">
                          <li>This is not how push notifications are
                            used for mobile apps. Push is to signal, not
                            carry actual (sensitive) data around.</li>
                          <li>In a lot of countries, at least almost all
                            European countries, you are not even
                            allowed, by EU law, to give "data" to 3rd
                            party providers (like the push-networks of
                            Microsoft, Apple or Google).</li>
                        </ol>
                        <p
                          style="margin-top:0px;margin-bottom:16px;color:rgb(51,51,51);font-family:'Helvetica
                          Neue',Helvetica,'Segoe
UI',Arial,freesans,sans-serif;font-size:16px;line-height:25.6000003814697px">How
                          does the actual (sensitive) data come to an
                          app?</p>
                        <p
                          style="margin-top:0px;margin-bottom:16px;color:rgb(51,51,51);font-family:'Helvetica
                          Neue',Helvetica,'Segoe
UI',Arial,freesans,sans-serif;font-size:16px;line-height:25.6000003814697px">As
                          said above a push is used to signal/ping an
                          app, to indicate that there is real data for
                          the mobile app user. In the background the
                          mobile app tries to connect to the backend of
                          the company, running/maintaining the mobile
                          app. After the real data was fetched, "local
                          notifcations" are used to give the user a
                          visible notification, like "Dear Mr. Joe, your
                          blood donation appointment was scheduled for 3
                          p.m", or simply "New appointment scheduled".</p>
                        <p
                          style="margin-top:0px;margin-bottom:16px;color:rgb(51,51,51);font-family:'Helvetica
                          Neue',Helvetica,'Segoe
UI',Arial,freesans,sans-serif;font-size:16px;line-height:25.6000003814697px">If
                          the app was a chat system (and not a blood
                          donation app from the Red Cross), it would be
                          the same: After a signal, the app connects to
                          "chat server" and receives the actual chat
                          message from there. A reply would go over the
                          same "chat server" connection. None of this
                          would go over a 3rd party push network
                          provider like Google, Microsoft or Apple.</p>
                        <p
                          style="margin-top:0px;margin-bottom:16px;color:rgb(51,51,51);font-family:'Helvetica
                          Neue',Helvetica,'Segoe
UI',Arial,freesans,sans-serif;font-size:16px;line-height:25.6000003814697px">What
                          would we store from these silent
                          notifications?</p>
                        <p
                          style="margin-top:0px;margin-bottom:16px;color:rgb(51,51,51);font-family:'Helvetica
                          Neue',Helvetica,'Segoe
UI',Arial,freesans,sans-serif;font-size:16px;line-height:25.6000003814697px">Nothing,
                          since there is no alert, we would just store
                          the metrics (e.g. client that send the push,
                          number of devices, deliveryStatus etc). If the
                          signaling is actually done with an alert (e.g.
                          alert:"you got a new Chat text" or "New
                          appointment scheduled"), we would store that.</p>
                        <p
                          style="margin-top:0px;margin-bottom:16px;color:rgb(51,51,51);font-family:'Helvetica
                          Neue',Helvetica,'Segoe
UI',Arial,freesans,sans-serif;font-size:16px;line-height:25.6000003814697px">I
                          hope this helps a bit to understand what is
                          stored and also why we do need a little bit of
                          information.</p>
                        <p
                          style="margin-top:0px;margin-bottom:16px;color:rgb(51,51,51);font-family:'Helvetica
                          Neue',Helvetica,'Segoe
UI',Arial,freesans,sans-serif;font-size:16px;line-height:25.6000003814697px">BTW.
                          our documentation already says that push is
                          used for signaling, not carrying actual data
                          around, but based on this email I will update
                          it to have explicit information on best
                          practices. Also, the documentation will be
                          clear about what (the alert only) is stored by
                          the UPS, and why. (see [4])</p>
                        <p
                          style="margin-top:0px;margin-bottom:16px;color:rgb(51,51,51);font-family:'Helvetica
                          Neue',Helvetica,'Segoe
UI',Arial,freesans,sans-serif;font-size:16px;line-height:25.6000003814697px">Greetings,</p>
                        <p
                          style="margin-top:0px;margin-bottom:16px;color:rgb(51,51,51);font-family:'Helvetica
                          Neue',Helvetica,'Segoe
UI',Arial,freesans,sans-serif;font-size:16px;line-height:25.6000003814697px">Matthias</p>
                        <ul style="padding:0px 0px 0px
                          2em;margin-top:0px;margin-bottom:16px;color:rgb(51,51,51);font-family:'Helvetica
                          Neue',Helvetica,'Segoe
UI',Arial,freesans,sans-serif;font-size:16px;line-height:25.6000003814697px">
                          <li>[1] <a moz-do-not-send="true"
                              href="https://github.com/aerogear/aerogear-unifiedpush-server/pull/478"
                              rel="noreferrer"
                              style="color:rgb(65,131,196);text-decoration:none"
                              target="_blank">https://github.com/aerogear/aerogear-unifiedpush-server/pull/478</a></li>
                          <li>[2] <a moz-do-not-send="true"
                              href="https://issues.jboss.org/browse/AGPUSH-971"
                              rel="noreferrer"
                              style="color:rgb(65,131,196);text-decoration:none"
                              target="_blank">https://issues.jboss.org/browse/AGPUSH-971</a></li>
                          <li>[3] JIRA TO CREATE: to only store ALERT
                            and not the full payload</li>
                          <li>[4] JIRA TO CREATE: update doc regarding
                            push message storage and best practices</li>
                        </ul>
                        <span><font color="#888888">
                            <div><br>
                            </div>
                            -- <br>
                            <div>Matthias Wessendorf <br>
                              <br>
                              blog: <a moz-do-not-send="true"
                                href="http://matthiaswessendorf.wordpress.com/"
                                target="_blank">http://matthiaswessendorf.wordpress.com/</a><br>
                              sessions: <a moz-do-not-send="true"
                                href="http://www.slideshare.net/mwessendorf"
                                target="_blank">http://www.slideshare.net/mwessendorf</a><br>
                              twitter: <a moz-do-not-send="true"
                                href="http://twitter.com/mwessendorf"
                                target="_blank">http://twitter.com/mwessendorf</a></div>
                          </font></span></div>
                    </blockquote>
                  </div>
                  <br>
                  <br clear="all">
                  <div><br>
                  </div>
                  -- <br>
                  <div>Matthias Wessendorf <br>
                    <br>
                    blog: <a moz-do-not-send="true"
                      href="http://matthiaswessendorf.wordpress.com/"
                      target="_blank">http://matthiaswessendorf.wordpress.com/</a><br>
                    sessions: <a moz-do-not-send="true"
                      href="http://www.slideshare.net/mwessendorf"
                      target="_blank">http://www.slideshare.net/mwessendorf</a><br>
                    twitter: <a moz-do-not-send="true"
                      href="http://twitter.com/mwessendorf"
                      target="_blank">http://twitter.com/mwessendorf</a></div>
                </div>
              </div>
            </div>
          </blockquote>
        </div>
        <br>
        <br clear="all">
        <div><br>
        </div>
        -- <br>
        <div class="gmail_signature">Matthias Wessendorf <br>
          <br>
          blog: <a moz-do-not-send="true"
            href="http://matthiaswessendorf.wordpress.com/"
            target="_blank">http://matthiaswessendorf.wordpress.com/</a><br>
          sessions: <a moz-do-not-send="true"
            href="http://www.slideshare.net/mwessendorf" target="_blank">http://www.slideshare.net/mwessendorf</a><br>
          twitter: <a moz-do-not-send="true"
            href="http://twitter.com/mwessendorf" target="_blank">http://twitter.com/mwessendorf</a></div>
      </div>
      <br>
      <fieldset class="mimeAttachmentHeader"></fieldset>
      <br>
      <pre wrap="">_______________________________________________
aerogear-dev mailing list
<a class="moz-txt-link-abbreviated" href="mailto:aerogear-dev@lists.jboss.org">aerogear-dev@lists.jboss.org</a>
<a class="moz-txt-link-freetext" href="https://lists.jboss.org/mailman/listinfo/aerogear-dev">https://lists.jboss.org/mailman/listinfo/aerogear-dev</a></pre>
    </blockquote>
    <br>
    <br>
    <pre class="moz-signature" cols="72">-- 
Summers Pittman
&gt;&gt;Phone:404 941 4698
&gt;&gt;Java is my crack.
</pre>
  </body>
</html>